
E-book: Gray Hat Hacking The Ethical Hacker's Handbook, Fourth Edition

4.09/5 (551 ratings by Goodreads)
  • Format: 656 pages
  • Publication date: 09-Jan-2015
  • Publisher: McGraw-Hill Professional
  • Language: eng
  • ISBN-13: 9780071838504

DRM restrictions

  • Copying:

    not allowed

  • Printing:

    not allowed

  • E-book usage:

    Digital Rights Management (DRM)
    The publisher has supplied this book in encrypted form, which means that free software must be installed in order to unlock and read it. To read this e-book you must create an Adobe ID. The e-book can be downloaded to 6 devices (one user with the same Adobe ID).

    Required software
    To read this e-book on a mobile device (phone or tablet), you need to install this free app: PocketBook Reader (iOS / Android)

    To read this e-book on a PC or Mac, you need Adobe Digital Editions (a free program designed specifically for e-books; it is not the same as Adobe Reader, which you probably already have on your computer).

    You cannot read this e-book on an Amazon Kindle.

Cutting-edge techniques for finding and fixing critical security flaws

Fortify your network and avert digital catastrophe with proven strategies from a team of security experts. Completely updated and featuring 12 new chapters, Gray Hat Hacking: The Ethical Hacker's Handbook, Fourth Edition explains the enemy's current weapons, skills, and tactics and offers field-tested remedies, case studies, and ready-to-deploy testing labs. Find out how hackers gain access, overtake network devices, script and inject malicious code, and plunder Web applications and browsers. Android-based exploits, reverse engineering techniques, and cyber law are thoroughly covered in this state-of-the-art resource.

  • Build and launch spoofing exploits with Ettercap and Evilgrade
  • Induce error conditions and crash software using fuzzers
  • Hack Cisco routers, switches, and network hardware
  • Use advanced reverse engineering to exploit Windows and Linux software
  • Bypass Windows Access Control and memory protection schemes
  • Scan for flaws in Web applications using Fiddler and the x5s plugin
  • Learn the use-after-free technique used in recent zero days
  • Bypass Web authentication via MySQL type conversion and MD5 injection attacks
  • Inject your shellcode into a browser's memory using the latest Heap Spray techniques
  • Hijack Web browsers with Metasploit and the BeEF Injection Framework
  • Neutralize ransomware before it takes control of your desktop
  • Dissect Android malware with JEB and DAD decompilers
  • Find one-day vulnerabilities with binary diffing

Preface xxiv
Acknowledgments xxv
Introduction xxvii
Part I Crash Course: Preparing for the War
Chapter 1 Ethical Hacking and the Legal System 3(26)
Why You Need to Understand Your Enemy's Tactics 3(1)
Recognizing Trouble When It Happens 4(1)
The Ethical Hacking Process 5(1)
The Penetration Testing Process 6(2)
What Would an Unethical Hacker Do Differently? 8(1)
The Rise of Cyberlaw 9(1)
Understanding Individual Cyberlaws 10(7)
The Controversy of "Hacking" Tools 17(1)
Vulnerability Disclosure 18(1)
Different Teams and Points of View 18(1)
How Did We Get Here? 19(1)
CERT's Current Process 20(2)
Organization for Internet Safety 22(1)
Conflicts Will Still Exist 23(1)
"No More Free Bugs" 24(1)
Bug Bounty Programs 24(5)
Summary 25(1)
References 25(2)
For Further Reading 27(2)
Chapter 2 Programming Survival Skills 29(28)
C Programming Language 29(1)
Basic C Language Constructs 29(5)
Sample Program 34(1)
Compiling with gcc 35(1)
Computer Memory 36(1)
Random Access Memory (RAM) 36(1)
Endian 36(1)
Segmentation of Memory 37(1)
Programs in Memory 37(1)
Buffers 38(1)
Strings in Memory 38(1)
Pointers 38(1)
Putting the Pieces of Memory Together 39(1)
Intel Processors 40(1)
Registers 40(1)
Assembly Language Basics 41(1)
Machine vs. Assembly vs. C 41(1)
AT&T vs. NASM 41(2)
Addressing Modes 43(1)
Assembly File Structure 44(1)
Assembling 45(1)
Debugging with gdb 45(1)
gdb Basics 45(1)
Disassembly with gdb 46(1)
Python Survival Skills 47(1)
Getting Python 47(1)
Hello World in Python 48(1)
Python Objects 48(1)
Strings 48(2)
Numbers 50(1)
Lists 51(1)
Dictionaries 52(1)
Files with Python 52(2)
Sockets with Python 54(3)
Summary 54(1)
References 55(1)
For Further Reading 55(2)
Chapter 3 Static Analysis 57(32)
Ethical Reverse Engineering 57(1)
Why Bother with Reverse Engineering? 58(1)
Reverse Engineering Considerations 58(1)
Source Code Analysis 59(1)
Source Code Auditing Tools 60(2)
The Utility of Source Code Auditing Tools 62(2)
Manual Source Code Auditing 64(5)
Automated Source Code Analysis 69(1)
Binary Analysis 70(1)
Manual Auditing of Binary Code 71(14)
Automated Binary Analysis Tools 85(4)
Summary 87(1)
For Further Reading 87(2)
Chapter 4 Advanced Analysis with IDA Pro 89(28)
Static Analysis Challenges 89(1)
Stripped Binaries 90(2)
Statically Linked Programs and FLAIR 92(6)
Data Structure Analysis 98(5)
Quirks of Compiled C++ Code 103(2)
Extending IDA Pro 105(1)
Scripting in IDAPython 106(9)
Example 4-1 Decrypting Strings in Place 114(1)
Executing Python Code 115(2)
Summary 116(1)
For Further Reading 116(1)
Chapter 5 World of Fuzzing 117(28)
Introduction to Fuzzing 117(1)
Choosing a Target 118(1)
Input Types 118(1)
Ease of Automation 119(1)
Complexity 120(1)
Types of Fuzzers 121(1)
Mutation Fuzzers 121(2)
Generation Fuzzers 123(1)
Getting Started 123(1)
Finding the Fuzzing Templates 124(3)
Lab 5-1 Collecting Samples from the Internet Archive 126(1)
Choosing the Optimal Template Set with Code Coverage 127(2)
Lab 5-2 Selecting the Best Samples for Fuzzing 127(2)
Peach Fuzzing Framework 129(6)
Peach Fuzzing Strategies 135(1)
Speed Does Matter 136(1)
Crash Analysis 136(5)
Lab 5-3 Mutation Fuzzing with Peach 140(1)
Other Mutation Fuzzers 141(1)
Generation Fuzzers 141(4)
Summary 142(1)
For Further Reading 142(3)
Chapter 6 Shellcode Strategies 145(16)
User Space Shellcode 145(1)
System Calls 145(1)
Basic Shellcode 146(1)
Port Binding Shellcode 147(1)
Reverse Shellcode 148(2)
Find Socket Shellcode 150(1)
Command Execution Code 151(1)
File Transfer Code 152(1)
Multistage Shellcode 152(1)
System Call Proxy Shellcode 152(1)
Process Injection Shellcode 153(1)
Other Shellcode Considerations 154(1)
Shellcode Encoding 154(1)
Self-Corrupting Shellcode 155(1)
Disassembling Shellcode 156(1)
Kernel Space Shellcode 157(1)
Kernel Space Considerations 158(3)
Summary 159(1)
References 159(1)
For Further Reading 159(2)
Chapter 7 Writing Linux Shellcode 161(32)
Basic Linux Shellcode 161(1)
System Calls 162(1)
System Calls by C 162(1)
System Calls by Assembly 163(1)
Exit System Call 163(2)
Setreuid System Call 165(1)
Shell-Spawning Shellcode with execve 166(3)
Implementing Port-Binding Shellcode 169(1)
Linux Socket Programming 170(2)
Assembly Program to Establish a Socket 172(3)
Test the Shellcode 175(2)
Implementing Reverse Connecting Shellcode 177(1)
Reverse Connecting C Program 177(1)
Reverse Connecting Assembly Program 178(2)
Encoding Shellcode 180(1)
Simple XOR Encoding 180(1)
Structure of Encoded Shellcode 181(1)
JMP/CALL XOR Decoder Example 181(2)
FNSTENV XOR Example 183(1)
Putting the Code Together 184(3)
Automating Shellcode Generation with Metasploit 187(1)
Generating Shellcode with Metasploit 187(1)
Encoding Shellcode with Metasploit 188(1)
Summary 189(1)
For Further Study 189(4)
Part II From Vulnerability to Exploit
Chapter 8 Spoofing-Based Attacks 193(22)
What Is Spoofing? 193(1)
ARP Spoofing 194(2)
Lab 8-1 ARP Spoofing with Ettercap 195(1)
Viewing Network Traffic 196(2)
Modifying Network Traffic 198(8)
DNS Spoofing 206(2)
Lab 8-2 DNS Spoofing with Ettercap 206(2)
Executing the Attack 208(1)
NetBIOS Name Spoofing and LLMNR Spoofing 209(3)
Lab 8-3 Attacking NetBIOS and LLMNR with Responder 209(3)
Cracking NTLMv1 and NTLMv2 Hashes 212(3)
Summary 213(1)
For Further Reading 213(2)
Chapter 9 Exploiting Cisco Routers 215(24)
Attacking Community Strings and Passwords 215(4)
Lab 9-1 Guessing Credentials with Ncrack and Metasploit 215(2)
Lab 9-2 Guessing Community Strings with Onesixtyone and Metasploit 217(2)
SNMP and TFTP 219(5)
Lab 9-3 Downloading Configuration Files with Metasploit 220(2)
Lab 9-4 Modifying Configurations with SNMP and TFTP 222(2)
Attacking Cisco Passwords 224(1)
Attacking Cisco Type 7 Passwords 224(2)
Lab 9-5 Cracking Type 7 Passwords with Cain 225(1)
Lab 9-6 Cracking Type 7 Passwords with Metasploit 225(1)
Attacking Cisco Type 5 Passwords 226(2)
Lab 9-7 Attacking Cisco Type 5 Passwords with John the Ripper 226(2)
Middling Traffic with Tunnels 228(7)
Lab 9-8 Setting Up a GRE Tunnel 228(3)
Lab 9-9 Routing Traffic over a GRE Tunnel 231(4)
Exploits and Other Attacks 235(1)
Cisco Exploits 235(1)
Maintaining Access on Cisco Devices 236(3)
Summary 237(1)
For Further Reading 237(2)
Chapter 10 Basic Linux Exploits 239(24)
Stack Operations 239(1)
Function Calling Procedure 240(1)
Buffer Overflows 241(5)
Lab 10-1 Overflow of meet.c 242(4)
Ramifications of Buffer Overflows 246(1)
Local Buffer Overflow Exploits 246(9)
Lab 10-2 Components of the Exploit 247(2)
Lab 10-3 Exploiting Stack Overflows from the Command Line 249(2)
Lab 10-4 Exploiting Stack Overflows with Generic Exploit Code 251(2)
Lab 10-5 Exploiting Small Buffers 253(2)
Exploit Development Process 255(8)
Lab 10-6 Building Custom Exploits 255(6)
Summary 261(1)
For Further Reading 261(2)
Chapter 11 Advanced Linux Exploits 263(28)
Format String Exploits 263(1)
The Problem 263(11)
Lab 11-1 Reading from Arbitrary Memory 267(2)
Lab 11-2 Writing to Arbitrary Memory 269(2)
Lab 11-3 Changing Program Execution 271(3)
Memory Protection Schemes 274(1)
Compiler Improvements 274(5)
Lab 11-4 Bypassing Stack Protection 276(3)
Kernel Patches and Scripts 279(9)
Lab 11-5 Return to libc Exploits 280(4)
Lab 11-6 Maintaining Privileges with ret2libc 284(4)
Bottom Line 288(3)
Summary 288(1)
References 289(1)
For Further Reading 289(2)
Chapter 12 Windows Exploits 291(22)
Compiling and Debugging Windows Programs 291(2)
Lab 12-1 Compiling on Windows 291(2)
Debugging on Windows with Immunity Debugger 293(5)
Lab 12-2 Crashing the Program 295(3)
Writing Windows Exploits 298(1)
Exploit Development Process Review 298(11)
Lab 12-3 Exploiting ProSSHD Server 299(10)
Understanding Structured Exception Handling (SEH) 309(1)
Implementation of SEH 310(3)
Summary 311(1)
References 311(1)
For Further Reading 311(2)
Chapter 13 Bypassing Windows Memory Protections 313(24)
Understanding Windows Memory Protections (XP SP3, Vista, 7, 8, Server 2008, and Server 2012) 313(1)
Stack-Based Buffer Overrun Detection (/GS) 313(1)
Safe Structured Exception Handling (SafeSEH) 314(1)
SEH Overwrite Protection (SEHOP) 315(1)
Heap Protections 315(1)
Data Execution Prevention (DEP) 316(1)
Address Space Layout Randomization (ASLR) 317(1)
Enhanced Mitigation Experience Toolkit (EMET) 317(1)
Bypassing Windows Memory Protections 318(1)
Bypassing /GS 318(1)
Bypassing SafeSEH 319(1)
Bypassing ASLR 319(2)
Bypassing DEP 321(7)
Bypassing EMET 328(1)
Bypassing SEHOP 328(9)
Summary 335(1)
References 335(1)
For Further Reading 336(1)
Chapter 14 Exploiting the Windows Access Control Model 337(52)
Why Access Control Is Interesting to a Hacker 337(1)
Most People Don't Understand Access Control 337(1)
Vulnerabilities You Find Are Easy to Exploit 338(1)
You'll Find Tons of Security Vulnerabilities 338(1)
How Windows Access Control Works 338(1)
Security Identifier 339(1)
Access Token 340(3)
Security Descriptor 343(4)
The Access Check 347(2)
Tools for Analyzing Access Control Configurations 349(1)
Dumping the Process Token 350(3)
Dumping the Security Descriptor 353(1)
Special SIDs, Special Access, and "Access Denied" 354(1)
Special SIDs 355(2)
Special Access 357(1)
Investigating "Access Denied" 357(8)
Analyzing Access Control for Elevation of Privilege 365(1)
Attack Patterns for Each Interesting Object Type 365(1)
Attacking Services 365(7)
Attacking Weak DACLs in the Windows Registry 372(3)
Attacking Weak Directory DACLs 375(4)
Attacking Weak File DACLs 379(4)
What Other Object Types Are Out There? 383(1)
Enumerating Shared Memory Sections 383(1)
Enumerating Named Pipes 384(1)
Enumerating Processes 385(1)
Enumerating Other Named Kernel Objects (Semaphores, Mutexes, Events, and Devices) 386(3)
Summary 387(1)
For Further Reading 387(2)
Chapter 15 Exploiting Web Applications 389(26)
Overview of the Top 10 Web Vulnerabilities 389(1)
MD5 Hash Injection 390(6)
Lab 15-1 Injecting the Hash 391(5)
Multibyte Encoding Injection 396(1)
Understanding the Vulnerability 397(5)
Lab 15-2 Leverage Multibyte Encoding 397(5)
Hunting Cross-site Scripting (XSS) 402(2)
Lab 15-3 Basic XSS Injection into a JavaScript Block 403(1)
Unicode Normalization Forms Attack 404(1)
Lab 15-4 Leveraging Unicode Normalization 404(1)
Unicode Normalization Introduction 405(2)
Normalization Forms 407(1)
Preparing the Environment for Testing 407(2)
XSS Testing via the x5s Plug-In 409(1)
Launching the Attack Manually 410(2)
Adding Your Own Test Case 412(3)
Summary 413(1)
References 413(1)
For Further Reading 414(1)
Chapter 16 Exploiting IE: Smashing the Heap 415(20)
Setting Up the Environment 415(1)
WinDbg Configuration 415(1)
Attaching the Browser to WinDbg 416(1)
Introduction to Heap Spray 417(1)
Spraying with HTML5 418(4)
Lab 16-1 Heap Spray via HTML5 420(2)
DOM Element Property Spray (DEPS) 422(3)
Lab 16-2 Heap Spray via DEPS Technique 423(2)
HeapLib2 Technique 425(1)
Forcing New Allocations by Exhausting the Cache Blocks 426(1)
Lab 16-3 HeapLib2 Spraying 426(1)
Flash Spray with Byte Arrays 427(2)
Lab 16-4 Basic Heap Spray with Flash 428(1)
Flash Spray with Integer Vectors 429(2)
Lab 16-5 Heap Spray with Flash Vectors 430(1)
Leveraging Low Fragmentation Heap (LFH) 431(4)
Summary 432(1)
References 433(1)
For Further Reading 433(2)
Chapter 17 Exploiting IE: Use-After-Free Technique 435(20)
Use-After-Free Overview 435(3)
Debugging JavaScript 438(1)
Dissecting Use-After-Free (UAF) 439(8)
Lab 17-1 Dissecting UAF, Step by Step 439(8)
Leveraging the UAF Vulnerability 447(8)
Example 17-1 Connecting the Dots 448(5)
Summary 453(1)
References 453(1)
For Further Reading 453(2)
Chapter 18 Advanced Client-Side Exploitation with BeEF 455(28)
BeEF Basics 455(6)
Lab 18-1 Setting Up BeEF 456(1)
Lab 18-2 Using the BeEF Console 457(4)
Hooking Browsers 461(5)
Lab 18-3 The Basic XSS Hook 461(1)
Lab 18-4 Hooking Browsers with Site Spoofing 462(3)
Lab 18-5 Automatically Injecting Hooks with Shank 465(1)
Fingerprinting with BeEF 466(5)
Lab 18-6 Fingerprinting Browsers with BeEF 467(1)
Lab 18-7 Fingerprinting Users with BeEF 468(2)
Lab 18-8 Fingerprinting Computers with BeEF 470(1)
Browser Exploitation 471(4)
Lab 18-9 Exploiting Browsers with BeEF and Java 472(3)
Exploiting Browsers with BeEF and Metasploit 475(3)
Automating Attacks 478(5)
Summary 481(1)
For Further Reading 482(1)
Chapter 19 One-Day Exploitation with Patch Diffing 483(28)
Introduction to Binary Diffing 483(1)
Application Diffing 483(1)
Patch Diffing 484(1)
Binary Diffing Tools 485(1)
BinDiff 486(1)
Turbodiff 487(4)
Lab 19-1 Our First Diff 489(2)
Patch Management Process 491(1)
Microsoft Patch Tuesday 491(3)
Lab 19-2 Obtaining and Extracting Microsoft Patches 492(2)
Examining the Patch 494(5)
Lab 19-3 Diffing MS14-006 with turbodiff 498(1)
Kernel Debugging 499(12)
Lab 19-4 Kernel Debugging MS14-006 503(3)
Summary 506(1)
References 507(1)
For Further Reading 507(4)
Part III Advanced Malware Analysis
Chapter 20 Dissecting Android Malware 511(20)
The Android Platform 511(1)
Android Application Package 511(2)
Application Manifest 513(2)
Analyzing DEX 515(2)
Java Decompilation 517(1)
DEX Decompilation 518(2)
DEX Disassembling 520(3)
Example 20-1 Running APK in Emulator 521(2)
Malware Analysis 523(1)
Malware Analysis Primer 524(7)
Example 20-2 Black-Box APK Monitoring with Droidbox 527(2)
Summary 529(1)
For Further Reading 529(2)
Chapter 21 Dissecting Ransomware 531(22)
History of Ransomware 531(1)
Options for Paying the Ransom 532(1)
Dissecting Ransomlock 532(17)
Example 21-1 Dynamic Analysis 533(2)
Example 21-2 Static Analysis 535(14)
Crypto Locker 549(4)
Summary 552(1)
For Further Reading 552(1)
Chapter 22 Analyzing 64-bit Malware 553(20)
Overview of the AMD64 Architecture 553(1)
AMD64 Calling Conventions 554(3)
Decrypting C&C Domains 557(16)
Example 22-1 Decrypting C&C Domains 571(1)
Summary 572(1)
For Further Reading 572(1)
Chapter 23 Next-Generation Reverse Engineering 573(20)
Notable IDA Plug-ins 573(1)
IDAscope 573(7)
IDA Toolbag 580(5)
Collaboration 585(1)
Honeypots and Sandboxes Using TrapX 586(1)
A Free Tool for Dynamic Analysis 586(1)
A Commercial Alternative: TrapX Malware Trap 587(6)
Summary 591(1)
References 591(1)
For Further Reading 591(2)
Appendix About the Download 593(2)
Index 595
Branko Spasojevic is a senior software engineer at Symantec.